SharePoint APIs are used in various platforms to perform basic as well as complex actions.

Two places where these APIs are used vigorously are:

1. SPFx Solutions
2. Power Automate
3. Custom Applications

The challenge faced while developing these solutions is that, there is no easy and quick way to test or execute these API calls in a time saving manner.

There is another alternative to do the API calls from POSTMAN, but it requires you to register an app in AZURE APP DIRECTORY and then use client IDs and Client Secrets to generate the Bearer Access Token and then use it to authenticate your API calls.

But today we will discuss another simple way which is very quick to implement and saves a lot of time.

• SharePoint List with Read and Write access.
• Postman

In this blog, we will leverage the existing authorization tokens that you have in your browser from visiting an existing SharePoint list. This will save us tremendous amount of time and effort and will not require any additional admin rights to use Postman calls.

First, we will be having a SharePoint List on which we are going to do all these API calls from Postman.

1. We will navigate to our SharePoint site and Click on “New” on Action bar.

     2. Click on the “List” option in the dropdown menu.

     3. A new “Create a list” window will open. We will create a “Blank list”.

     4. We will provide the Title as “Postman_Test_List” for our new list and click on “Create”.

     5. We can see, there is only one column “Title”. We will change the view of this list and show another column “ID” in this view.

     6. To Change View, we will click on the “All Items” dropdown on Action bar.

     7. From the dropdown menu we will select “Edit Current View”

     8. Here we will select the column we want to show. We will check the “ID” column and change its “Position from Left” to 1.

After checking and changing position of “ID” your settings should look like this:

     9. Now Click on “OK” button on the top right corner of the Page.

     10. After Clicking on “OK”, we will see the “ID” column has been added to the left.

We are ready with our list called “Postman_Test_List” for further experimenting.  

We will focus on getting the cookies that we need for our API calls. Follow the below steps:

1. While you are on your SharePoint list, open the developer tools. Click on the three dots “…” (also known as ellipses).

     2. Next select “More Tools” and then “Developer Tools”. Prefer using Microsoft Edge or Chrome browser for this activity.

     3. We need to see network calls in order to get our cookie details. Click on the double right arrow chevron “>>” and then click on Network as shown below:

     4. We need to filter Network calls to get the specific call.

     5. We will type “AllItems” in Filter Input Field and then we will refresh the page to get the network calls. Note: This is the name of the view in the url as AllItems.aspx.

     6. After refreshing the page, we will get 2 “AllItems” calls in our network tab. We will select the row by clicking on it once where Type column is “text/html”.

     7. By default, we will be in the “Preview” tab. We need to go to the “Headers” tab by clicking on it as shown below:

     8. To find cookies, we have to scroll down until we find “Set-Cookie”. We will now try to copy two cookies from here named “rtfa” and “FedAuth”. Copy the values in these cookies and paste it in your notepad for further use. Copy the part which is underlined in green. Do not copy the semi-colon at the last.

Remember there is an expiration time of these cookies, so keep in mind that if you are testing the API calls after long time you must get these values again.

Note: It is better to copy these values in a notepad, so that if you enter these values in another API call you are not coming to the SharePoint list and doing the same process again and again.

Make sure you have postman installed for your next steps. You can download it from here.

After starting Postman, you will come on this screen and then click on “+” button on top left corner of the window to add a new API request.

We must enter the API request URL, and then in the headers part we must give some headers that will authenticate and validate our API request.  We are clearly not going to use the bearer authorization token, instead we are going to use the cookies to authenticate our request.

To make the post Request API calls we need “__metadata” of the list. To get the “__metadata” we do a Get request from postman. Which is as below: -

1. In the new tab of postman, we will give the Url in URL field to get the “__metadata” of the list.

In our scenario above we have used the following request URL:

https://jarial98.sharepoint.com/sites/Postman-Testing/_api/Web/Lists/getbytitle('Postman_Test_List')?$select=ListItemEntityTypeFullName

In your scenario make sure to change the [Sharepoint_Site_Collection_Url] and [List_Name] in your URL as shown below:

https://[Sharepoint_Site_Collection_Url]/ _api/Web/Lists/getbytitle(‘[List_Name ]’)?$select=ListItemEntityTypeFullName

     2. We will now set our headers. First, we will configure “Content-Type”. Click on the “Key” field in the Headers and type “Content-Type”.

     3. For our “Content-Type” key, we will configure the value as “application/json;odata=verbose” as shown below:

Let us understand what these headers are for.

Content-Type: This is the header which Tells the SharePoint that the request is coming with JSON data.

Accept: This header tells SharePoint that we need the result in JSON format and odata means we need maximum data to be returned from the result.

Cookie: - These will contain two cookies namely, “rtfa” and “FedAuth”.

     5. Click on “Send” button on the right of the URL Field. We will get a response with status code of “200”. This is our “__metadata”. Copy the part which is underlined in green and paste it in notepad for further use.

There is one more key that we need to configure in Header. It is called X-RequestDigest.

This header authenticates all the requests that are made to SharePoint except Get requests. The value of X-RequestDigest expires soon, so we need to get the value again and again to do our API calls. It is a good option to save our request so that we can easily go there and get the updated X-RequestDigest values.

Please make sure to keep previous headers as configured in the above steps as is. Follow the next steps as below:

1. Open new Tab in Postman and type the following URL. Headers will be same as we had for “__metadata” request. Remember this is a POST request type.

After entering the relevant data click on “Send”.

In our scenario above we have used the following request URL:

https://jarial98.sharepoint.com/sites/Postman-Testing/_api/contextinfo

In your scenario make sure to change the [Sharepoint_Site_Collection_Url] in your URL as shown below:

https://[Sharepoint_Site_Collection_Url]/_api/contextinfo

     2. We will get a response and will copy the “FormDigestValue”. This is our “X-RequestDigest” header. Copy the value which is underlined in green and save this in notepad.

Note: - Form Digest Value has an expiration time of 1800 seconds. So, we have to do this request again when this value is expired.

Now, we have all the headers we need to make API requests.

Now we will make our first API call to get the items from the SharePoint List. We will use the getbytitle API option available in the Lists API from SharePoint. For more details refer to the documentation here.

1. Open new tab in Postman and type the below URL in the URL Field. There are no new Headers that we will use. After Entering all the values as shown below click on “Send”.

In our scenario above we have used the following request URL:

https://jarial98.sharepoint.com/sites/Postman-Testing/_api/Web/Lists/getbytitle('Postman_Test_List')/items

In your scenario make sure to change the [Sharepoint_Site_Collection_Url] and [List_Name] in your URL as shown below:

https://[ Sharepoint_Site_Collection_Url]/_api/Web/Lists/getbytitle(‘[List Name]’)/items

     2. We will get response with Status of “200”. Which means our request was successful and the response will contain all the items from our “Postman_Test_List” list.

The URL endpoint from SharePoint REST API for creating an item is the same as it is for reading an item. The difference is in the nature of “request type” and other information that needs to be sent along as a POST request. Follow the below steps to create a single item in SharePoint list:

1. We will open a new tab in Postman and write the URL and configure relevant headers to do a create item API request.

The “X-RequestDigest” header is used here because this is a POST request, and we need to validate this request. Every other header is same as above calls i.e Reading Items.

In our scenario above we have used the following request URL:

https://jarial98.SharePoint.com/sites/Postman-Testing/_api/Web/Lists/getbytitle('Postman_Test_List')/items  

In your scenario make sure to change the [Sharepoint_Site_Collection_Url] and [List_Name] in your URL as shown below:

https://[Sharepoint_Site_Collection_Url]/ _api/Web/Lists/getbytitle([List Name])/items

This is a POST request, so we need to send our Sharepoint list item data in the body of the request.

     2. Just below the URL field, we are having various options. We will select “body” and then select “Raw” radio button.

     3. After Clicking on “Raw” radio button, we will select on what format we want to send the data. Select “JSON” from the dropdown list.

     4. Now we need to write the body of the Request. Which looks like this.

“__metadata”: This is the metadata of the List. We got this by following steps above to get “__metadata”. We will paste the “ListItemEntityTypeFullName” value that we pasted in Notepad earlier.

Title: This is the data that we will send in the “Title” column of our SharePoint list.

{

    "__metadata":{

        "type": "SP.Data.Postman_x005f_Test_x005f_ListListItem"

    },

    "Title":"Sample Title 2"

}

Let us hypothetically imagine that your SharePoint list had another single line of text column called “Country”. If we were to send “India” as our value, our body request should look like this:

{

    "__metadata":{

        "type": "SP.Data.Postman_x005f_Test_x005f_ListListItem"

    },

    "Title":"Sample Title 2",

    “Country”:”India”

}

After entering the body, click on “Send” button.

     5. We will get a response, with the Status number “201”.

     6. To Confirm whether the item has created or not, we will go back and check our list.

We will update a particular item in our SharePoint list. To get that item, we need to get its ID. So, we will navigate back to our SharePoint List and grab the ID of the item to be updated. In our case we are going to update the item with “ID” 2.

Update request is identical to Create request. There are only two new Headers that will be included, and the body of the request will be same as create item’s body. This is a POST request.

There are two new headers, X-HTTP-Method and If-Match

X-HTTP-Method: This basically means what type of request it is. Why we are not using Patch and Delete is because in some networks at application layer these requests can be blocked but, POST and GET requests are rarely blocked. You can read more about X-Http-Requests from here.

If-Match: This basically matches the eTag value but here we are not giving the e-tag value we are giving “*”.

In our scenario above we have used the following request URL:

https://jarial98.sharepoint.com/sites/Postman-Testing/_api/Web/Lists/getbytitle('Postman_Test_List')/items(2)

In your scenario make sure to change the [Sharepoint_Site_Collection_Url], [List_Name] and [ID] in your URL as shown below:

https://[Sharepoint_Site_Collection_Url]/ _api/Web/Lists/getbytitle([List Name])/items(ID)

1. After entering all the data click on “Send” button.

We will get status of “204” because this was an update request, it did not send any data in response.

     2. We will go to the SharePoint List to verify the updated item.

We will delete a particular item in our SharePoint list. To get that item, we need to get its ID. So, we will navigate back to our SharePoint List and grab the ID of the item to be deleted. In our case we are going to delete the item with “ID” 2.

All the headers will be same as update request’s Headers. Only the value of “X-HTTP-Method” will be changed to “Delete”.

1. We will create a new tab and enter the URL same as update request. All the headers will be same. After Entering all the values click on “Send”. As this is a “Delete” request we do not need to send body.

In our scenario above we have used the following request URL:

https://jarial98.sharepoint.com/sites/Postman-Testing/_api/Web/Lists/getbytitle('Postman_Test_List')/items(2)

In your scenario make sure to change the [Sharepoint_Site_Collection_Url], [List_Name] and [ID] in your URL as shown below:

https://[Sharepoint_Site_Collection_Url]/ _api/Web/Lists/getbytitle([List Name])/items(ID)

     2. After, clicking on “Send” button we will get response with status code of “200”, stating that our request was successful.

     3. Now, we will check whether our API call deleted the specified item in SharePoint list.